Telnet Unencrypted Transmission Information Disclosure

1983-05-01T00:00:00
ID OSVDB:221
Type osvdb
Reporter OSVDB
Modified 1983-05-01T00:00:00

Description

Vulnerability Description

The telnet protocol may allow a remote attacker to gain access to sensitive information. The issue is due to the protocol not encrypting the traffic sent between two machines. This allows an attacker with access to the network to potentially monitor or 'sniff' the traffic. Any information transmitted including logins, passwords and sensitive information may be disclosed to any attacker on the same subnet.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable telnet and other unencrypted protocols. Install an encrypted protocol such as SSH to handle remote access.

Short Description

The telnet protocol may allow a remote attacker to gain access to sensitive information. The issue is due to the protocol not encrypting the traffic sent between two machines. This allows an attacker with access to the network to potentially monitor or 'sniff' the traffic. Any information transmitted including logins, passwords and sensitive information may be disclosed to any attacker on the same subnet.

References:

Nessus Plugin ID:10280 Generic Informational URL: http://www.faqs.org/rfcs/rfc854.html Generic Informational URL: http://www.linuxsecurity.com/resource_files/network_security/sniffing-faq.html Generic Informational URL: http://www.washington.edu/computing/windows/issue21/password.html CVE-1999-0619